我正在从 Spring 2.7 升级到 Spring 3.1.1,修复了所有 Javax 到 Jakarta 的问题,但现在我不知道如何修复我的“filterChain”和白名单以确保我的安全。找不到任何解决方案,因此需要一些帮助来理解我做错了什么或任何文档(在撰写此问题时,官方文档正在更新到新版本但尚未完成)。
这是我的代码:
import com.my-project.my-software.security.JwtRequestFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
* Class created to be the configuration for security on the system.
*
* @author Alfredo marin
* @version ALPHA-0.0.1
* @since 2023-02-17
*/
@Configuration
public class WebSecurityConfig implements WebMvcConfigurer {
/**
* JWT Filter Request instance.
*/
private final JwtRequestFilter jwtFilterRequest;
/**
* List with whitelisted endpoints.
*/
private static final String[] AUTH_WHITELIST = {
// -- Swagger UI v2
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**",
// -- Swagger UI v3 (OpenAPI)
"/v3/api-docs/**",
"/swagger-ui/**",
// other public endpoints of your API may be appended to this array
"/users/register",
"/users/login"
};
/**
* Constructor.
*
* @param jwtFilterRequest JWT Filter Request instance.
*/
@Autowired
public WebSecurityConfig(JwtRequestFilter jwtFilterRequest) {
this.jwtFilterRequest = jwtFilterRequest;
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("*");
}
/**
* Method that configure the HTTP Security of the application.
*
* @param http the {@link HttpSecurity} to modify
* @throws Exception The API can encounter unknown bugs.
*/
public void filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(authorizeHttpRequests ->
authorizeHttpRequests
.requestMatchers("/**").hasRole("USER")
).exceptionHandling(exceptionHandling ->
exceptionHandling
.accessDeniedPage("/errors/access-denied")
);
http.addFilterBefore(jwtFilterRequest,
UsernamePasswordAuthenticationFilter.class);
}
}
TL;DR:我无法使用 Spring Boot Starter Security 3.1.1 成功配置白名单路径 PS:“我的项目”和“我的软件”只是这个问题的占位符。